Current solutions to providing services across virtual private network (VPN) services typically requires that public network edge routers exchange routing and control traffic packets relating to the private networks behind them. Control packets sent across the public network are unsecured by any form of encryption and may contain messages for specific sources behind other edge routers. Since these control packets are unencumbered by complex encryption protocols, some degree of traffic analysis can be performed by unauthorized persons that are able to intercept these control packets as they transverse the public network. While this normally is not a problem for most commercial multicast applications, it can pose a risk for more sensitive applications. Thus, current VPN technologies cannot be used in sensitive networks where all control traffic relating to the private network must be secured.